Electric Power System Security

When we talk about any subject, it is always helpful to start with a definition in order to eliminate any possible misunderstanding. This is especially true when we have to discuss the security of the electric power system.

In the Technology News section of this issue of the magazine we talk about what is described as the biggest machine in the world – the Large Hadron Collider (LHC), which in reality is just a small device compared to a Large Electric Power System (LEPS). And the impact of a failure of the electric power system is much bigger than a failure of the LHC – unless the concern of some physicists that a micro black hole might swallow the Earth becomes a reality (See Legal Concerns).

So when we look for a generic definition of “security”, we can say that there is more or less a consensus that it is freedom from risk or danger. Based on this definition, and our knowledge of the electric power system, we can think about its security as the ability of the system to withstand imminent disturbances or contingencies. Considering the size of a LEPS and the huge number of components that it has, as well as its exposure to the forces of nature and activities of human and other beings, it is clear that the probabilities for disturbances and contingencies are significant. The acceptance and the wide spread use of microprocessor based multifunctional intelligent electronic devices (IEDs), computer based substation automation & energy management systems, and the communications between them, raises further the complexity of the system. It introduces a whole new range of security concerns – cyber security.

All of the above drove our decision to focus several articles in this issue of the magazine on electric power system security.

One of the key requirements for improvement of the security of the electric power system when facing unpredictable events such as lightning strikes, short circuit faults or other abnormal system conditions, is the reducing of the risk for failure of any component of a fault clearing system. The article about protection of substations with a single battery discusses some of these issues.

The cover story focuses on cyber security. It addresses many different aspects of the issue related to three core areas known in the computer security industry as “CIA”:

Confidentiality - ensuring that information is not accessed by unauthorized persons

Integrity - ensuring that information is not altered by unauthorized persons in a way that is not detectable

Authentication - ensuring the users are the persons they claim to be.

The different tools, policies and requirements for maintaining the cyber security of the electric power system are not going to help us unless we change the way we do things. It is true that “The secret of success is knowing who to blame for our failures,” but it always amazes me when I see a relay in a substation that still has the factory default password and is connected to a remote engineering station through a modem using Telnet – a really un-secure protocol. We will definitely have to overcome our inertia and make an effort to use the tools that we already have.

Based on experience this change in attitude is not going to be easy and it will take time and effort. It reminds me of people that smoke, who take a cigarette out of a box with a huge label on it stating that smoking kills you and smoke it, thinking that nothing is going to happen to them. And then when it happens, it is the fault of everybody else. Same thing with cyber security – many people know about the dangers, know about the tools, but are not willing to make the effort. They think that no one is going to hack their system. Until it happens!

So we need to get wiser and do something about security, because even though the probability for a breach might be close to zero, it does not mean that it will not happen. We should keep in mind that many computer security experts consider a secure computer one that is shut down and locked in a vault. It is clear that in our PAC world we need to do something different. Maybe the solution can be found in Machiavelli’s words: Wisdom is being able to distinguish among dangers and make a choice of the least harmful.